Thursday, September 28, 2017

quick refresher from anyone who maintains Linux systems

#linux quick refresher from anyone who maintains Linux systems #document http://bit.ly/2ftqnfK
  • RCS is your friend, use it religiously on every system file you modify.
  • My 20¢, https://plus.google.com/u/0/111725158664981767583
    • once u've settled up
    • setup a rsyslog server.
    • Monitoring server (zabix, cacti, et al).
    • Backup and update really often (specially if ur servers are internet-facing).
    • Don't install apache and mysql on the same server.
    • Only use https.
    • Use containers (lxc, docker) when possible.
    • Avoid using any .tar or .gz to install software, always use repositories or git.
    • Never, never, never disable iptables or selinux (rh/centos).
    • Always use fail2ban and mod_secure (if using a webserver).
    • Cheers!
    • assuming you maintain the hardware, tools to monitor hardware state. power supplies and hard drives are the most common issues in my environments that need watching. @ my last job, network team would introduce problems, so I also needed to check the status of my network bonds.

    • Hardware or virtual, firewall and audit logs are mandatory for examining. Keep up on vendor updates (CERT vulnerability lists are also good).
    • Log files. Depending on what services you are running, you’ll need to setup a log rotation right quick or you can run your /var partition out of space.
    • nothing. what you need is monitoring setup and logwatch installed. read those emails, look at the monitoring system, login every once in a while, check who is logged in, running processes, network connections, free disk and memory, top.
    • I really like having a CAS & PDU set up for remote control of everything without using ipmi.

    • That all said, I have a set of cronjobs I run nightly or weekly to keep me informed. On various critical stuff I run nagios on assorted services.

    • A bit old school but it works for me.

    • I also have assorted scripts, for example an ansible script that goes through and updates/patches security in all of my servers (some 300 odd).
    • Largely just SSH with private keys, and ensuring that updates are regularly installed.

    • You can always write a simple program to get whatever stats are most important to you from the machines. Usually never amounts to more than just getting a history of memory, CPU, disk and network activity.

Tuesday, September 26, 2017

#event Tue-Wed Sep 26-27 2017 #StructureSecurity 2017

    Wednesday, September 20, 2017

    some DevOps Reading material


    Thursday, September 14, 2017

    Asian salad recipe, protein and vegetables

    Asian salad recipe, protein and vegetables
    • Choice of protein: Tempeh/Tofu, lean pork, chicken, or beef.
    • Persian or hot-house cucumber
    • bean sprouts (mung or soy)
    • Jalapeno
    • sesame oil
    • Peanuts
    • sunflower seeds
    • Thai peanut salad dressing (or dressing of your choice, e.g. sesame ginger)
    • (optional) Napa cabbage

    Prepare/cook your choice of protein. Chop/slice cucumber, celery, and Jalapeno. Rinse bean sprouts. Brown peanuts and sunflower seeds in sesame oil.  Combine. Add dressing.

    • Asian Salad http://www.foodnetwork.com/recipes/food-network-kitchen/asian-salad-recipe-2105407